<p>Buck Woody : Data, Concepts<br />
<a href="http://sqlblog.com/blogs/buck_woody/archive/tags/Data/Concepts/default.aspx">http://sqlblog.com/blogs/buck_woody/archive/tags/Data/Concepts/default.aspx</a></p>
<p><a href="http://sqlblog.com/blogs/buck_woody/archive/2013/02/12/how-does-the-cloud-change-a-developer-s-job.aspx">How Does the Cloud Change a Developer's Job?</a><br />
Tue, 12 Feb 2013 16:26:51 GMT, BuckWoody</p>
<p>I've recently <a href="http://sqlblog.com/b/buckwoody/archive/2013/01/22/how-does-the-cloud-change-a-systems-architect-s-job.aspx" target="_blank">posted a blog on how cloud computing would change the Systems Architect&rsquo;s role in an organization</a>, another on <a href="http://sqlblog.com/b/buckwoody/archive/2013/01/29/how-does-the-cloud-change-a-database-administrator-s-job.aspx" target="_blank">how the cloud changes a Database Administrator's job</a>, and the <a href="http://sqlblog.com/b/buckwoody/archive/2013/02/05/how-does-the-cloud-change-a-systems-administrator-s-job.aspx" target="_blank">last post dealt with the Systems Administrator</a>. In this post I'll cover the changes facing the Software Developer when using the cloud.</p>
<p>The software developer role was the earliest adopter of cloud computing. This makes perfect sense, because the software developer has always used computing "as a service" - they (most often) don't buy and configure servers, platforms and the like, they write code that runs on those platforms. And there's probably not a simpler definition of a software developer to be found, but as with all simple statements, you lose fidelity and detail.&nbsp; I'll offer a more complete list in a moment.</p>
<p>Because the software developer's process involves designing, testing and writing code locally and then migrating it to a production environment, all of the paradigms in cloud computing - <a href="http://sqlblog.com/b/buckwoody/archive/2012/06/13/windows-azure-write-run-or-use-software.aspx" target="_blank">from IaaS to PaaS to SaaS</a> - come naturally. </p>
<h1>The Software Developer's Role</h1>
<p>The software developer has evolved since the earliest days of programming. The software developer does not only "write code" - there are far more tasks involved in modern systems development:</p>
<ul>
<li><span style="color:#993300;">Assisting the Business Role(s) in developing software specifications<br /></span></li>
<li><span style="color:#993300;">Planning software system components and modules<br /></span></li>
<li><span style="color:#993300;">Designing system components<br /></span></li>
<li><span style="color:#993300;">Working in teams writing classes, modules, interfaces and software endpoints<br /></span></li>
<li><span style="color:#993300;">Designing data layouts, architectures, access and other data controls</span></li>
<li><span style="color:#993300;">Designing and implementing security, either programmatic, declarative, or referential<br /></span></li>
<li><span style="color:#993300;">Mixing and matching various languages, scripting and other constructs within the system<br /></span></li>
<li><span style="color:#993300;">Designing and implementing user and account security rights and restrictions</span></li>
<li><span style="color:#993300;">Designing various software code tests - unit, functional, fuzz, integration, regression, performance and others</span></li>
<li><span style="color:#993300;">Deploying systems <br /></span></li>
<li><span style="color:#993300;">Managing and maintaining code updates and changes<br /></span></li>
</ul>
<p>As with most of the previous roles, each of those tasks also unpacks into a larger set of tasks, and no single developer has exactly that same list. And like the DBA, the role often covers more or less of that list depending on where the developer works. Smaller companies may include the development platform in the duties so that a developer is also a systems administrator. In larger organizations I've seen developers that specialized in User Interfaces, Engine Components, Data Controls or other specific areas.</p>
<h1>How the Cloud Changes Things</h1>
<p>The software developer role obviously has the same concerns and impacts of "the cloud" as the Systems Architect. They need to educate themselves on the options within this new option (<span style="color:#0000ff;">Knowledge</span>), try a few test solutions out (<span style="color:#0000ff;">Experience</span>) and of course work with others on various parts of the implementation (<span style="color:#0000ff;">Coordination</span>).</p>
<p>The big changes for a developer include three major areas: Hybrid Software Design, Security, and Distributed Computing.</p>
<h2>Hybrid Software Design</h2>
<p>After the PC revolution, software developers designed systems that ran primarily on a single computer. From there the industry moved to "client/server", where most of the code still lived on the user's workstation, and various levels of state (such as the data layer) moved to a server over fast connected lines. After that followed the Internet phase, which had less to do with HTML coding than it did with state-less architectures. While no architecture is truly stateless, there are ways of allowing the client to be in a different state than the server of the application at any one time - this is the way the Web works.</p>
<p>Even so, the developer often simply moved one of the primary layers (such as Model, View or Controller) to the server, using the User Interface merely as the View or Presentation layer. While technically stateless, this doesn't require a great deal of architecture change - there are various software modules that run on a server, and perhaps that server connects to a remote data server. In the end, it's still a single paradigm.</p>
<p>We now have the ability to run IaaS (hardware abstraction), PaaS (hardware, operating system and runtime abstraction) and SaaS (everything abstracted, API calls only) in a single environment such as Windows Azure. A single application might have a Web-based Interface Server with federated processes&nbsp; (using a PaaS set of roles), a database service (using a SaaS provider such as Windows Azure SQL Database), a specialized process in Linux (using an IaaS role in Windows Azure) and a translator API (from the Windows Azure Marketplace). This example involves only one vendor - Microsoft. I've seen applications that use multiple vendors in this same way.</p>
<p>Thinking this way opens up a great deal of flexibility - and complexity. Complexity isn't evil; it's how complicated things get done many times. The modern developer&nbsp; needs to understand how to build hybrid software architectures. </p>
<p style="color:#993300;"><span style="color:#993300;"><em><span style="color:#0000ff;">Resources</span>:</em></span> Hybrid Architectures with step-by-step instructions and examples:&nbsp;<a href="http://msdn.microsoft.com/en-us/library/hh871440.aspx" target="_blank">http://msdn.microsoft.com/en-us/library/hh871440.aspx </a> and <span style="color:#993300;">Windows Azure Hybrid Systems</span>:&nbsp;<a href="http://msdn.microsoft.com/en-us/library/hh871440.aspx?AnnouncementFeed&amp;nbsp;" target="_blank">http://msdn.microsoft.com/en-us/library/hh871440.aspx?AnnouncementFeed&nbsp;</a></p>
<h2>Security</h2>
<p>Having a single security boundary, such as "everyone who works in my company", is a relatively simple problem to solve. Normally the System Administrators configure and control a security provider, such as Active Directory, and developers can access that security layer programmatically.&nbsp; That allows for good separation of duties and role-based control.</p>
<p>In modern applications, clients, managers, and users both internal and external need various levels of access to the same objects, code and data. A client should be able to enter an order, a store should be able to accept the order, the credit-card company should be able to check the order and authorize payment, and the managers should be able to report on the order or change it if needed. Using role-based security across multiple domains would be impossible to maintain.</p>
<p>Enter "claims-based" authentication. In this paradigm, the user logs in with whatever security they use - corporate or other Active Directory, Facebook, Google, whatever. The application (using Windows Identity Foundation or WIF) can accept a "claim" from that provider, and the developer can match whatever parts of that claim they wish to the objects, code and data. An example might be useful.</p>
<p>Buck logs in to his corporate Active Directory (AD), and attempts to use a program based in Windows Azure. Windows Azure rejects the login silently, and is configured to check with Buck's AD. Buck's AD says, "Yes, I know Buck, and he has been granted the following claims: 'partner', 'manager', 'approver'." The developer does not need to know about Buck's AD, Buck, his login, or anything else. She simply codes the proper data access to allow "approver" to approve a sale.</p>
<p>This allows a lot of control, at a very fine level, without having to get into the details of each security provider.</p>
<p><span style="color:#993300;"><em><span style="color:#0000ff;">Resources</span>:</em></span> <span style="color:#993300;">Overview of using claims-based Azure Security</span>: <a href="http://adnanboz.wordpress.com/2011/02/06/claims-based-access-and-windows-azure/" target="_blank">http://adnanboz.wordpress.com/2011/02/06/claims-based-access-and-windows-azure/ </a></p>
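<p>The exchange described above, as an added Python example that is not from the original post and does not use WIF: an HMAC-signed JSON token stands in for the signed token a real identity provider issues, and the issuer URL, audience, key and operation names are assumptions made for the example. The application checks the issuer, signature, audience and expiry before it maps claims such as "approver" to operations.</p>

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: issuer URL, audience and key are placeholders for this example.
TRUSTED_ISSUERS = {"https://adfs.corp.example": b"constructed-demo-signing-key"}
AUDIENCE = "https://orders.cloudapp.example"

# The application maps claims to operations; it never sees Buck's AD account.
# Operation names are hypothetical.
CLAIM_PERMISSIONS = {
    "partner": {"enter_order"},
    "manager": {"report_order", "change_order"},
    "approver": {"approve_sale"},
}


class TokenRejected(Exception):
    """Raised when a token must not be trusted."""


def b64(data):
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(issuer, key, subject, claims, audience, expires_at):
    """Simulated identity provider: sign a statement of the user's claims."""
    body = json.dumps({"iss": issuer, "sub": subject, "aud": audience,
                       "claims": sorted(claims), "exp": expires_at}).encode()
    signature = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(signature)


def validate_token(token, now=None):
    """Relying party: return the claims only if the token can be trusted."""
    now = time.time() if now is None else now
    try:
        body_part, sig_part = token.split(".")
        body = base64.urlsafe_b64decode(body_part)
        signature = base64.urlsafe_b64decode(sig_part)
        payload = json.loads(body)
    except (ValueError, AttributeError) as exc:
        raise TokenRejected("malformed token") from exc
    if not isinstance(payload, dict):
        raise TokenRejected("malformed token")
    # The issuer named in the token only selects the key; trust comes from
    # the signature verifying under a key the application already holds.
    issuer = payload.get("iss")
    key = TRUSTED_ISSUERS.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise TokenRejected("untrusted issuer")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("bad signature")
    if payload.get("aud") != AUDIENCE:
        raise TokenRejected("token issued for another application")
    if payload.get("exp", 0) <= now:
        raise TokenRejected("token expired")
    return set(payload.get("claims", []))


def is_authorized(token, operation, now=None):
    """Allow the operation only if a validated claim grants it."""
    try:
        claims = validate_token(token, now)
    except TokenRejected:
        return False
    granted = set()
    for claim in claims:
        # Claims the application does not recognise grant nothing.
        granted |= CLAIM_PERMISSIONS.get(claim, set())
    return operation in granted


if __name__ == "__main__":
    issuer = "https://adfs.corp.example"
    token = issue_token(issuer, TRUSTED_ISSUERS[issuer], "buck",
                        ["partner", "manager", "approver"], AUDIENCE,
                        time.time() + 300)
    print("approve_sale allowed:", is_authorized(token, "approve_sale"))
    print("delete_order allowed:", is_authorized(token, "delete_order"))
```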
<h2>Distributed Computing</h2>
<p>Is there a difference between stateless computing, or even the hybrid programming I mentioned earlier, and "Distributed Computing"? Yes - the primary difference is latency. Even stateless code can have too small a tolerance for latency.&nbsp;</p>
<p>Dealing with slow connectivity, or breaks in connections, has many impacts. One method of dealing with this is to locate data and the computing on that data as closely together as possible, even if this means relaxing consistency or duplicating data. Another method is to go back to a great paradigm from the past that is possibly underused today: a Service Oriented Architecture. The Windows Azure Service Bus is possibly one of the fastest and easiest ways to adopt cloud computing without completely rearchitecting your application.</p>
<p><span style="color:#0000ff;"><em>References</em></span>: <span style="color:#993300;">Great breakdown of the thought process around a distributed architecture:</span> <a href="http://msdn.microsoft.com/en-us/magazine/jj553517.aspx" target="_blank">http://msdn.microsoft.com/en-us/magazine/jj553517.aspx</a> and <span style="color:#993300;">using a Windows Azure Relay Service</span>: <a href="http://www.windowsazure.com/en-us/develop/net/how-to-guides/service-bus-relay/" target="_blank">http://www.windowsazure.com/en-us/develop/net/how-to-guides/service-bus-relay/</a></p>
<p><a href="http://sqlblog.com/blogs/buck_woody/archive/2013/01/29/how-does-the-cloud-change-a-database-administrator-s-job.aspx">How Does the Cloud Change a Database Administrator’s Job?</a><br />
Tue, 29 Jan 2013 15:08:32 GMT, BuckWoody</p>
<p>I recently <a href="http://sqlblog.com/b/buckwoody/archive/2013/01/22/how-does-the-cloud-change-a-systems-architect-s-job.aspx" target="_blank">posted a blog entry on how cloud computing would change the Systems Architect&rsquo;s role in an organization</a>. In a way, the Systems Architect has the easiest transition to a new way of using computing technologies. In fact, that&rsquo;s actually part of the job description. I mentioned that a Systems Architect has three primary vectors to think about for cloud computing, as it applies to what they should do:</p>
<ol>
<li><span style="color:#0000ff;">Knowledge - Which options are available to solve problems, and what are their strengths and weaknesses.</span></li>
<li><span style="color:#0000ff;">Experience - What has the System Architect seen and worked with in the past.</span></li>
<li><span style="color:#0000ff;">Coordination - A system design is based on multiple factors, and one person can't make all the choices. There will need to be others involved at every level of the solution, and the Systems Architect will need to know who those people are and how to work with them.</span></li>
</ol>
<h1>The Database Administrator Role</h1>
<p>But a Database Administrator (DBA) is probably one of the harder roles to think about when it comes to cloud computing. First, let&rsquo;s define what a Database Administrator usually thinks about as part of their job:</p>
<ul>
<li><span style="color:#993300;">Planning, Installing and Configuring a Database Platform</span></li>
<li><span style="color:#993300;">Planning, designing and creating databases</span></li>
<li><span style="color:#993300;">Planning, designing and implementing High Availability and Disaster Recovery for each database (HADR) based on requirements for its workload</span></li>
<li><span style="color:#993300;">Maintaining and monitoring the database platform</span></li>
<li><span style="color:#993300;">Implementing performance tuning on the databases based on monitoring</span></li>
<li><span style="color:#993300;">Re-balancing workloads across database servers based on monitoring</span></li>
<li><span style="color:#993300;">Securing databases platforms and individual databases based on requirements and implementation</span></li>
</ul>
<p>That&rsquo;s just a short list, and each of those unpacks into a larger set of tasks.</p>
<p>The issue is that <em>I&rsquo;ve never actually met a DBA that does all of those things</em>, or <strong>just</strong> all of those things. Many times they do much more; sometimes the systems are so large that they specialize in just a few of them.</p>
<p>And as you can see from the list, some of these areas are shared with other roles. For instance, in some shops, the DBA plans, purchases, sets up and configures the hardware for database servers. In others that&rsquo;s done by the Infrastructure Team. In some shops the DBA designs databases from software requirements, and in others the developers do that &ndash; or perhaps it&rsquo;s done as a joint effort. The same holds true for database code &ndash; sometimes the DBA does it, other times the developer, and still others it&rsquo;s a shared task.</p>
<p>In fact, you could argue that there are few other roles in IT where the roles are so intermixed. Also, the DBA works with software the company develops, and software the company buys. They work with hardware, networking, security and software. There are certain aspects of design and tuning that are outside the purview of some of those things, and inside the others.</p>
<p>With all of these variables, simply telling a DBA that they should &ldquo;use the cloud&rdquo; is not the proper approach.</p>
<h1>How the Cloud Changes Things</h1>
<p>To be sure, the DBA has the same vectors as the Systems Architect. They need to educate themselves on the options within this new option (<span style="color:#0000ff;">Knowledge</span>), try a few test solutions out (<span style="color:#0000ff;">Experience</span>) and of course work with others on various parts of the implementation (<span style="color:#0000ff;">Coordination</span>). But it goes beyond that.</p>
<p><a href="http://www.windowsazure.com/en-us/manage/windows/fundamentals/intro-to-windows-azure/#components" target="_blank">There are three big buckets of cloud computing</a>, ranging from simply using a Virtual Machine (IaaS), to writing code without worrying about the virtualization or even the operating system (PaaS), to using software that&rsquo;s already written and delivered via an Application Programming Interface (API). Each of these has so many options and configurations that it&rsquo;s often better to think about the problem you&rsquo;re trying to solve rather than all of the technology within a given area - although some of that is certainly necessary anyway.</p>
<h2>Database Platform Architecture</h2>
<p>I&rsquo;ll start with when the DBA should even consider cloud computing for a solution. Once again, it&rsquo;s not an &ldquo;all or nothing&rdquo; paradigm, where you either run something on premises or in the cloud &ndash; it&rsquo;s often a matter of selecting the right components to solve a problem. In my design sessions with DBA&rsquo;s I break these down into three big areas where they might want to consider the cloud &ndash; and then we talk about how to implement each one:</p>
<ol>
<li><span style="color:#0000ff;">Audiences</span></li>
<li><span style="color:#0000ff;">HADR</span></li>
<li><span style="color:#0000ff;">Data Services</span></li>
</ol>
<h3>Audiences</h3>
<p>If the users of your database systems all sit in the same facility, you own the servers and networking, and the application servers are separate from the database server, it doesn&rsquo;t usually make sense to take that database workload and place it on Windows Azure &ndash; or any other cloud provider. The latency alone prevents a satisfactory performance profile, and in some cases won&rsquo;t work at all. It doesn&rsquo;t matter if the cloud solution is cheaper or easier &ndash; if you&rsquo;re moving a lot of data every second between an on-premises system and the cloud it won&rsquo;t work well.</p>
<p>However &ndash; if your users are in multiple locations, especially globally, or you have a mix of company and external customer users, it might make sense to evaluate a shared data location. You still need to consider the implications of how much data the application server pushes back and forth, but you may be able to locate both the application server and SQL Server in an IaaS role. Assuming the data sent to the final client will work across public Internet channels, there may be a fit. There are security implications, but unless you have point-to-point connections for your current solution you&rsquo;re faced with the same security questions on both options.</p>
<p>Your audience might also be developers looking for a way to quickly spin up a server and then turn it down when they are done, paying for the time and not the hardware or licenses. This is also a prime case for evaluating IaaS. And there are others that you'll find in your own organization as you work through the requirements you have.&nbsp;&nbsp;</p>
<p>Resources: Windows Azure Virtual Machines: <a href="http://www.windowsazure.com/en-us/manage/windows/tutorials/virtual-machine-from-gallery/">http://www.windowsazure.com/en-us/manage/windows/tutorials/virtual-machine-from-gallery/</a>&nbsp;and&nbsp;<span style="color:#993300;">Windows Azure SQL Server Virtual Machines</span>: <a href="http://www.windowsazure.com/en-us/manage/windows/common-tasks/install-sql-server/">http://www.windowsazure.com/en-us/manage/windows/common-tasks/install-sql-server/</a></p>
<h3>HADR</h3>
<p>The next possible place to consider using cloud computing with SQL Server is as a part of your High Availability and Disaster Recovery plans. In fact, this is the most common use I see for cloud computing and the Database Administrator. The key is the Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Based on each application&rsquo;s requirements, you may find that using Windows Azure or even supplementing your current plan is the right place to evaluate options. I&rsquo;ve covered this use-case in more detail in another article.</p>
<p><span style="color:#993300;">References: SQL Server High Availability and Disaster Recovery options with Windows Azure</span>: <a href="http://sqlblog.com/b/buckwoody/archive/2013/01/08/microsoft-windows-azure-disaster-recovery-options-for-on-premises-sql-server.aspx">http://blogs.msdn.com/b/buckwoody/archive/2013/01/08/microsoft-windows-azure-disaster-recovery-options-for-on-premises-sql-server.aspx</a></p>
<h3>Data Services</h3>
<p>Windows Azure, along with other cloud providers, offers another way to design, create and consume data. In this use-case, however, the tasks DBA&rsquo;s normally perform for sizing, ordering and configuring a system don&rsquo;t apply.</p>
<p>With Windows Azure SQL Databases (the artist formerly known as SQL Azure), you can simply create a database and begin using it. There are places where this fits and others where it doesn&rsquo;t, and there are differences, limitations and enhancements, so it isn&rsquo;t meant as a replacement for what you could do with &ldquo;Full-up&rdquo; SQL Server on a Windows Azure Virtual Machine or an on-premises Instance. If a developer needs a Relational Database Management System (RDBMS) data store for a web-based application, then this might be a perfect fit.</p>
<p>But there is more to data services than Windows Azure SQL Databases. Windows Azure also offers MySQL as a service, RIAK and MongoDB (among others) and even Hadoop for larger distributed data sets. In addition you can use Windows Azure Reporting Services, and also tap into datasets and data functions in the Windows Azure Marketplace.</p>
<p>The key for the DBA with this option is that you <em>will</em> have to do a little investigation this time, potentially without a specific workload in mind. I think that&rsquo;s an acceptable thing to ask &ndash; DBA&rsquo;s constantly keep up with data processing trends, and most will consider different ways to solve a problem.</p>
<p><span style="color:#993300;">References:</span></p>
<p><span style="color:#993300;">Windows Azure SQL Databases</span>: <a href="http://www.windowsazure.com/en-us/home/features/data-management/" target="_blank">http://www.windowsazure.com/en-us/home/features/data-management/</a></p>
<p><span style="color:#993300;">Windows Azure Reporting Services</span>: <a href="http://www.windowsazure.com/en-us/manage/services/other/sql-reporting/" target="_blank">http://www.windowsazure.com/en-us/manage/services/other/sql-reporting/</a></p>
<p><span style="color:#993300;">HDInsight Service (Hadoop on Azure): </span><a href="https://www.hadooponazure.com/" target="_blank">https://www.hadooponazure.com/</a></p>
<p><span style="color:#993300;">MongoDB Offerings on Windows Azure</span>: <a href="http://www.windowsazure.com/en-us/manage/linux/common-tasks/mongodb-on-a-linux-vm/" target="_blank">http://www.windowsazure.com/en-us/manage/linux/common-tasks/mongodb-on-a-linux-vm/</a></p>
<p><span style="color:#993300;">Windows Azure Marketplace</span>: <a href="http://www.windowsazure.com/en-us/store/overview/" target="_blank">http://www.windowsazure.com/en-us/store/overview/</a></p>
<p><a href="http://sqlblog.com/blogs/buck_woody/archive/2013/01/22/how-does-the-cloud-change-a-systems-architect-s-job.aspx">How Does the Cloud Change a Systems Architect’s Job?</a><br />
Tue, 22 Jan 2013 15:43:59 GMT, BuckWoody</p>
<p>I know - I said I didn't like the "cloud" term, but my better-phrased "Distributed Systems" moniker just never took off like I had hoped. So I'll stick with the "c" word for now, at least until the search engines catch up with my more accurate term.</p>
<p>I thought I might spend a little time on how the cloud affects the way we work - from Systems Architects to Database Administrators and Developers, and Systems Administrators - a group often referred to as "IT Pro's". But each role within these groups has different aspects when using cloud computing. In this post we'll take a look at the role of the Systems Architect, and in the posts that follow I'll talk more about the other roles in the IT Pro area.</p>
<h1>The Systems Architect Role</h1>
<p>What does a "Systems Architect" do? Like most IT roles, it depends on the company or organization where they work. <a href="http://en.wikipedia.org/wiki/Systems_architect" target="_blank">In fact, the term isn't even specific to technology</a>, but I'll use it in that context here. In general, a Systems Architect takes the requirements for a given system, and assembles the relevant technology areas that best fulfill those requirements. That's a single-sentence explanation, and needs further unpacking.</p>
<p>As an example, a Systems Architect at a medical firm&nbsp;is presented with a set of requirements for tracking a patient through the entire care cycle. The Systems Architect first looks at all of the requirements for the data that needs to be collected based on business, financial, regulations, and other requirements, and then how that data needs to flow from one system to another. They check the security requirements, performance, location and other aspects of the system. They then check to see which options are available for processing that data, and which parts they should "build or buy".</p>
<p>For instance, the requirements might be so specific that only custom code is the proper solution - but even there, choices still exist, such as which language(s) to use, what type of data persistence (a Relational Database Management System or other data storage and processing) will be used, what talent within the company is available for the system and a myriad of other decisions.</p>
<p>All of this boils down to three primary vectors:</p>
<ol>
<li><span style="color:#0000ff;"><strong>Knowledge</strong> - Which options are available to solve problems, and what are their strengths and weaknesses.</span></li>
<li><span style="color:#0000ff;"><strong>Experience</strong> - What has the System Architect seen and worked with in the past.</span></li>
<li><span style="color:#0000ff;"><strong>Coordination</strong> - A system design is based on multiple factors, and one person can't make all the choices. There will need to be others involved at every level of the solution, and the Systems Architect will need to know who those people are and how to work with them.</span></li>
</ol>
<h1>How the Cloud Changes Things</h1>
<p>From the outset, it doesn't seem that using a distributed system would change anything in the Systems Architect role. Isn't the cloud simply another option that the Systems Architect needs to learn and apply? Yes, that is true - but it goes a bit deeper. Let's return to those vectors a moment to see what a Systems Architect needs to take into account.</p>
<h2>Knowledge</h2>
<p>The first and probably most obvious impact is learning about cloud technologies. But the important part of that knowledge is to learn <em>when</em> and <em>where</em> to use each service. It's a common misconception that the cloud should be an "all or nothing" approach. That's just not true - every Windows Azure project I work on has some element of on-premises interaction, and in some cases only one small part of a solution is placed on the Windows Azure architecture. Since Windows Azure contains IaaS (VM's), PaaS (you write code, we run it) and even SaaS (such as Hadoop or Media Services), a given architecture can use multiple components even within just one provider. And I've worked on several projects where the customer used not only Windows Azure and On-Premises environments, but also components from other providers. That's not only acceptable, but often the best way to solve a given problem.</p>
<p>As part of the learning experience, it's vital to keep in mind what you need to pick as key decision points. In your organization, cost could be ranked higher than performance, or perhaps security is the highest decision point.</p>
<p>To stay educated, there are various journals, websites and conferences that Systems Architects use to keep current. Almost all of those are talking about "cloud" - but there is no substitute for learning from the vendor about their solution. I'm speaking here of the technical information, not the marketing information. The marketing information is also useful, at least from a familiarity standpoint, but the technical information is what you need.</p>
<p><span style="color:#800000;">Resource: For Windows Azure, the Systems Architect can start here:</span> <a href="http://sqlblog.com/b/buckwoody/archive/2012/06/13/windows-azure-write-run-or-use-software.aspx" target="_blank">http://blogs.msdn.com/b/buckwoody/archive/2012/06/13/windows-azure-write-run-or-use-software.aspx</a>&nbsp; </p>
<h2>Experience</h2>
<p>Cloud computing is relatively new - it's only been out a few years, and the main competitors are only now settling in to their respective areas. It might not be common for a Systems Architect to have a lot of hands-on experience with cloud projects.</p>
<p>Even so, there are ways to leverage the experience of others, such as direct contact or even attending conferences where customers present findings from their experiences.</p>
<p>You can also gain hands-on experience by setting up pilots and proof-of-concept projects yourself. Most all vendors - Microsoft included - have free time available on their systems. The key to an experiment like this is choosing some problem you are familiar with that exercises as many features in the platform as possible. There is no substitute for working with a platform when you want to design a solution. </p>
<h2>Coordination</h2>
<p>Probably one of the largest changes in the Systems Architect role that the cloud brings is in the area of coordination. When a Systems Architect deals with the business and other technical professionals, there is a 20+ year history of technology that we are all familiar with. When you mention "the cloud", those audiences may not have spent the time you have in understanding what that means - and often they think it means the "all or nothing" approach I mentioned earlier.</p>
<p>I've found that a series of "lunch and learns" for the technical staff is useful to explain to each role-group how the cloud is used in their area. In the posts that follow this one, I'll give you some material for those. For managers and business professionals, you'll want to go a different route. I've found that an "Executive Briefing" e-mail, consisting of about a page, with headings that are applicable to your audience.</p>
<p><span style="color:#800000;">Resource: Writing Executive Summaries:</span> <a href="http://writing.colostate.edu/guides/guide.cfm?guideid=76" target="_blank">http://writing.colostate.edu/guides/guide.cfm?guideid=76</a> </p>
<p><a href="http://sqlblog.com/blogs/buck_woody/archive/2012/02/20/big-data-a-microsoft-tools-approach.aspx">Big Data - A Microsoft Tools Approach</a><br />
Mon, 20 Feb 2012 21:16:00 GMT, BuckWoody</p>
<p><em><span style="color:#c0504d;">(As with all of these types of posts, check the date of the latest update I&rsquo;ve made here. Anything older than 6 months is probably out of date, given the speed with which we release new features into Windows and SQL Azure)</span></em></p>
<p>I don&rsquo;t normally like to discuss things in terms of tools. I find that whenever you start with a given tool (or even a tool stack) it&rsquo;s too easy to fit the problem to the tool(s), rather than the other way around as it should be.</p>
<p>That being said, it&rsquo;s often useful to have an example to work through to better understand a concept. But like many ideas in Computer Science, &ldquo;Big Data&rdquo; is too broad a term in use to show a single example that brings out the multiple processes, use-cases and patterns you can use it for.</p>
<p>So we turn to a description of the tools you can use to analyze large data sets. &ldquo;Big Data&rdquo; is a term used lately to describe data sets that have the &ldquo;<a href="http://radar.oreilly.com/2012/01/what-is-big-data.html" target="_blank">Four V&rsquo;s</a>&rdquo;&nbsp; as a characteristic, but I have a simpler definition I like to use:</p>
<p align="center"><em><span style="color:#0000ff;font-size:small;">Big Data involves a data set too large to process in a reasonable period of time</span></em></p>
<p>I realize that&rsquo;s a bit broad, but in my mind it answers the question and is fairly future-proof. The general idea is that you want to analyze some data, and whatever current methods, storage, compute and so on you have at hand don&rsquo;t allow you to finish processing it in a time period that you are comfortable with. I&rsquo;ll explain some new tools you can use for this processing.</p>
<p>Yes, this post is Microsoft-centric. There are probably posts from other vendors and open-source that cover this process in the way they best see fit. And of course you can always &ldquo;mix and match&rdquo;, meaning using Microsoft for one or more parts of the process and other vendors or open-source for another. I never advise that you use any one vendor blindly - educate yourself, examine the facts, perform some tests and choose whatever mix of technologies best solves your problem.</p>
<p>At the risk of being vendor-specific, and probably incomplete, I use the following short list of tools Microsoft has for working with &ldquo;Big Data&rdquo;. There is no single package that performs all phases of analysis. These tools are what I use; they should not be taken as a Microsoft authoritative testament to the toolset we&rsquo;ll finalize for a given problem-space. In fact, that&rsquo;s the key: find the problem and then fit the tools to that.</p>
<h2>Process Types</h2>
<p>I break up the analysis of the data into two process types. The first is examining and processing the data <em>in-line</em>, meaning as the data passes through some process. The second is a <em>store-analyze-present</em> process.</p>
<h2>Processing Data In-Line</h2>
<p>Processing data in-line means that the data doesn&rsquo;t have a destination - it remains in the source system. But as it moves from an input or is routed to storage within the source system, various methods are available to examine the data as it passes, and either trigger some action or create some analysis.</p>
<p>You might not think of this as &ldquo;Big Data&rdquo;, but in fact it can be. Organizations have huge amounts of data stored in multiple systems. Many times the data from these systems do not end up in a database for evaluation. There are options, however, to evaluate that data in real time and either act on the data or perhaps copy or stream it to another process for evaluation.</p>
<p>The advantage of an in-stream data analysis is that you don&rsquo;t necessarily have to store the data again to work with it. That&rsquo;s also a disadvantage - depending on how you architect the solution, you might not retain a historical record. One method of dealing with this requirement is to trigger a rollup collection or a more detailed collection based on the event.</p>
<p><strong>StreamInsight </strong>- StreamInsight is Microsoft&rsquo;s &ldquo;Complex Event Processing&rdquo; or CEP engine. This product, hooked into SQL Server 2008R2, has multiple ways of interacting with a data flow. You can create adapters to talk with systems, and then examine the data mid-stream and create triggers to do something with it. You can read more about StreamInsight here: <a title="http://msdn.microsoft.com/en-us/library/ee391416(v=sql.110).aspx" href="http://msdn.microsoft.com/en-us/library/ee391416(v=sql.110).aspx">http://msdn.microsoft.com/en-us/library/ee391416(v=sql.110).aspx</a>&nbsp;</p>
<p><strong>BizTalk </strong>- When there is more latency available between the initiation of the data and its processing, you can use Microsoft BizTalk. This is a message-passing and Service Bus oriented tool, and it can also be used to join together data from systems that normally do not have a direct link, for instance a Mainframe system to SQL Server. You can learn more about BizTalk here: <a href="http://www.microsoft.com/biztalk/en/us/overview.aspx">http://www.microsoft.com/biztalk/en/us/overview.aspx</a>&nbsp;</p>
<p><strong>.NET and the Windows Azure Service Bus </strong>- Along the same lines as BizTalk but with a more programming-oriented design are the Windows and Windows Azure Service Bus tools. The Service Bus allows you to pass messages as well, and opens up web interactions and even inter-company routing. BizTalk can do this as well, but the Service Bus tools use an API approach for designing the flow and interfaces you want. The Service Bus offerings are also intended as near real-time, not as a streaming interface. You can learn more about the Windows Azure Service Bus here: <a href="http://www.windowsazure.com/en-us/home/tour/service-bus/">http://www.windowsazure.com/en-us/home/tour/service-bus/</a> and more about the Event Processing side here: <a href="http://msdn.microsoft.com/en-us/magazine/dd569756.aspx">http://msdn.microsoft.com/en-us/magazine/dd569756.aspx</a>&nbsp;</p>
<h2>Store-Analyze-Present</h2>
<p>A more traditional approach with an organization&rsquo;s data is to store the data and analyze it out-of-band. This began with simply running code over a data store, but as locking and blocking became an issue on a file system, Relational Database Management Systems (RDBMSs) were created. Over time a distinction was made between data used in an online processing system, meant to be highly available for writing data (OLTP) and systems designed for analytical and reporting purposes (OLAP).</p>
<p>Later the data grew larger than these systems were designed for, primarily due to consistency requirements. In analysis, however, consistency isn&rsquo;t always a requirement, and so file-based systems for that analysis were re-introduced from the Mainframe concepts, with new technology layered in for speed and size.</p>
<p>I normally break up the process of analyzing large data sets into four phases:</p>
<ol>
<li><em>Source and Transfer </em>- Obtaining the data at its source and transferring or loading it into the storage; optionally transforming it along the way</li>
<li><em>Store and Process</em> - Data is stored on some sort of persistence, and in some cases an engine handles the acquisition and placement on persistent storage, as well as retrieval through an interface.</li>
<li><em>Analysis </em>- A new layer introduced with &ldquo;Big Data&rdquo; is a separate analysis step. This is dependent on the engine or storage methodology, is often programming language or script based, and sometimes re-introduces the analysis back into the data. Some engines and processes combine this function into the previous phase.</li>
<li><em>Presentation</em> - In most cases, the data needs a graphical representation to be comprehended, especially in a series or trend analysis. In other cases a simple symbolic representation is enough, similar to the &ldquo;dashboard&rdquo; elements in a Business Intelligence suite. Presentation tools may also have an analysis or refinement capability to allow end-users to work with the data sets. As in the Analysis phase, some methodologies bundle the Analysis and Presentation phases into one toolset.</li>
</ol>
<h3>Source and Transfer</h3>
<p>You&rsquo;ll notice in this area, along with those that follow, Microsoft is adopting not only its own technologies but those within open-source. This is a positive sign, and means that you will have a best-of-breed, supported set of tools to move the data from one location to another. Traditional file-copy, File Transfer Protocol and more are certainly options, but do not normally deal with moving datasets.</p>
<p>I&rsquo;ve already mentioned the ability of a streaming tool to push data into a store-analyze-present model, so I&rsquo;ll follow up that discussion with the tools that can extract data from one source and place it in another.</p>
<p><strong><span style="color:#800000;">SQL Server Integration Services (SSIS)/SQL Server Bulk Copy Program (BCP)</span> </strong>- SSIS is a SQL Server tool used to move data from one location to another, and optionally perform transform or other processes as it does so. You are not limited to working with SQL Server data - in fact, almost any modern source of data from text to various database platforms is available to move to various systems. It is also extremely fast and has a rich development environment. You can learn more about SSIS here: <a href="http://msdn.microsoft.com/en-us/library/ms141026.aspx">http://msdn.microsoft.com/en-us/library/ms141026.aspx</a> BCP is a tool that has been used with SQL Server data since the first releases; it has multiple sources and destinations as well. It is a command-line utility, and has some limited transform capabilities. You can learn more about BCP here: <a href="http://msdn.microsoft.com/en-us/library/ms162802.aspx">http://msdn.microsoft.com/en-us/library/ms162802.aspx</a>&nbsp;</p>
<p><strong><span style="color:#0000ff;"><span style="color:#800000;">Sqoop</span> </span></strong>- Tied to Microsoft&rsquo;s latest announcements with Hadoop on Windows and Windows Azure, Sqoop is a tool that is used to move data between SQL Server 2008R2 (and higher)&nbsp;and Hadoop, quickly and efficiently. You can read more about that in the Readme file here: <a href="http://www.microsoft.com/download/en/details.aspx?id=27584">http://www.microsoft.com/download/en/details.aspx?id=27584</a>&nbsp;</p>
<p><span style="color:#800000;"><strong>Application Programming Interfaces</strong></span> - API&rsquo;s exist in most every major language that can connect to one data source, access data, optionally transform it and store it in another system. Most every dialect of the .NET-based languages contains methods to perform this task.</p>
<h3>Store and Process</h3>
<p>Data at rest is normally used for historical analysis. In some cases this analysis is performed near real-time, and in others historical data is analyzed periodically. Systems that handle data at rest range from simple storage to active management engines.</p>
<p><strong><span style="color:#800000;">SQL Server</span></strong> - Microsoft&rsquo;s flagship RDBMS can indeed store massive amounts of complex data. I am familiar with two systems in excess of 300 Terabytes of federated data, and the <a href="http://pan-starrs.ifa.hawaii.edu/public/" target="_blank">Pan-Starrs</a> project is designed to handle 1+ Petabyte of data. The theoretical limit of SQL Server DataCenter edition is 540 Petabytes. SQL Server is an engine, so the data access and storage is handled in an abstract layer that also handles concurrency for ACID properties. You can learn more about SQL Server here: <a href="http://www.microsoft.com/sqlserver/en/us/product-info/compare.aspx">http://www.microsoft.com/sqlserver/en/us/product-info/compare.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">SQL Azure Federations</span></strong> - SQL Azure is a database service from Microsoft associated with the Windows Azure platform. Database Servers are multi-tenant, but are shared across a &ldquo;fabric&rdquo; that moves active databases for redundancy and performance. Copies of all databases are kept triple-redundant with a consistent commitment model. Databases are (at this writing - check <a href="http://WindowsAzure.com">http://WindowsAzure.com</a> for the latest) capped at a 150 GB size limit per database. However, Microsoft released a &ldquo;Federation&rdquo; technology, allowing you to query a head node and have the data federated out to multiple databases. This improves both size and performance. You can read more about SQL Azure Federations here: <a href="http://social.technet.microsoft.com/wiki/contents/articles/2281.federations-building-scalable-elastic-and-multi-tenant-database-solutions-with-sql-azure.aspx">http://social.technet.microsoft.com/wiki/contents/articles/2281.federations-building-scalable-elastic-and-multi-tenant-database-solutions-with-sql-azure.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Analysis Services</span></strong> - The Business Intelligence engine within SQL Server, called Analysis Services, can also handle extremely large data systems. In addition to traditional BI data store layouts (ROLAP, MOLAP and HOLAP), the latest version of SQL Server introduces the Vertipaq column-storage technology allowing more direct access to data and a different level of compression. You can read more about Analysis Services here: <a href="http://www.microsoft.com/sqlserver/en/us/solutions-technologies/business-intelligence/analysis-services.aspx">http://www.microsoft.com/sqlserver/en/us/solutions-technologies/business-intelligence/analysis-services.aspx</a> and more about Vertipaq here: <a href="http://msdn.microsoft.com/en-us/library/hh212945(v=SQL.110).aspx">http://msdn.microsoft.com/en-us/library/hh212945(v=SQL.110).aspx</a></p>
<p><span style="color:#800000;"><strong>Parallel Data Warehouse </strong></span>- The Parallel Data Warehouse (PDW) offering from Microsoft is largely described by the title. Accessed in multiple ways including using Transact-SQL (the Microsoft dialect of the Structured Query Language), <a href="http://sqlpdw.com/2010/07/what-mpp-means-to-sql-server-parallel-data-warehouse/" target="_blank">this is an MPP appliance</a>&nbsp;scaling in parallel to extremely large datasets. It is a hardware and software offering - you can learn more about it here: <a href="http://www.microsoft.com/sqlserver/en/us/solutions-technologies/data-warehousing/pdw.aspx">http://www.microsoft.com/sqlserver/en/us/solutions-technologies/data-warehousing/pdw.aspx</a></p>
<p><strong><span style="color:#800000;">HPC Server</span></strong> - Microsoft&rsquo;s High-Performance Computing version of Windows Server deals not only with large data sets, but with extremely complicated computing requirements. A scale-out architecture and inter-operation with Linux systems, as well as dozens of applications pre-written to work with this server make this a capable &ldquo;Big Data&rdquo; system. It is a mature offering, with a long track record of success in scientific, financial and other areas of data processing. It is available both on premises and in Windows Azure, and also in a hybrid of both models, allowing you to &ldquo;rent&rdquo; a super-computer when needed. You can read more about it here: <a href="http://www.microsoft.com/hpc/en/us/product/cluster-computing.aspx">http://www.microsoft.com/hpc/en/us/product/cluster-computing.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Hadoop</span></strong> - Pairing up with Hortonworks, Microsoft has released the Hadoop Open-Source system -&nbsp; including HDFS and a Map/Reduce standardized software, Hive and Pig - on Windows and the Windows Azure platform. This is not a customized version; off-the-shelf concepts and queries work well here. You can read more about Hadoop here: <a href="http://hadoop.apache.org/common/docs/current/">http://hadoop.apache.org/common/docs/current/</a> and you can read more about Microsoft&rsquo;s offerings here: <a href="http://hortonworks.com/partners/microsoft/">http://hortonworks.com/partners/microsoft/</a>&nbsp;and here: <a href="http://social.technet.microsoft.com/wiki/contents/articles/6204.hadoop-based-services-for-windows.aspx">http://social.technet.microsoft.com/wiki/contents/articles/6204.hadoop-based-services-for-windows.aspx</a></p>
<p><strong><span style="color:#800000;">Windows and Azure Storage</span></strong> - Although not an engine - other than a triple-redundant, immediately consistent commit - Windows Azure can hold terabytes of information and make it available to everything from the R programming language to the Hadoop offering. Binary storage (Blobs) and Table storage (Key-Value Pair) data can be queried across a distributed environment. You can learn more about Windows Azure storage here: <a href="http://msdn.microsoft.com/en-us/library/windowsazure/gg433040.aspx">http://msdn.microsoft.com/en-us/library/windowsazure/gg433040.aspx</a>&nbsp;</p>
<h3>Analysis</h3>
<p>In a &ldquo;Big Data&rdquo; environment, it&rsquo;s not unusual to have a specialized set of tasks for analyzing and even interpreting the data. This is a new field called &ldquo;Data Science&rdquo;, with a requirement not only for computing, but also a heavy emphasis on math.</p>
<p><span style="color:#800000;"><strong>Transact-SQL </strong></span>- T-SQL is the dialect of the Structured Query Language used by Microsoft. It includes not only robust selection, updating and manipulating of data, but also analytical and domain-level interrogation as well. It can be used on SQL Server, PDW and ODBC data sources. You can read more about T-SQL here: <a href="http://msdn.microsoft.com/en-us/library/bb510741.aspx">http://msdn.microsoft.com/en-us/library/bb510741.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Multidimensional Expressions and Data Analysis Expressions</span></strong> - The MDX and DAX languages allow you to query multidimensional data models that do not fit well with typical two-plane query languages. Pivots, aggregations and more are available within these constructs to query and work with data in Analysis Services. You can read more about MDX here: <a href="http://msdn.microsoft.com/en-us/library/ms145506(v=sql.110).aspx">http://msdn.microsoft.com/en-us/library/ms145506(v=sql.110).aspx</a> and more about DAX here: <a href="http://www.microsoft.com/download/en/details.aspx?id=28572">http://www.microsoft.com/download/en/details.aspx?id=28572</a>&nbsp;</p>
<p><strong><span style="color:#800000;">HPC Jobs and Tasks </span></strong>- Work submitted to the Windows HPC Server has a particular job - essentially a reservation request for resources. Within a job you can submit tasks, such as parametric sweeps and more. You can learn more about Jobs and Tasks here: <a href="http://technet.microsoft.com/en-us/library/cc719020(v=ws.10).aspx">http://technet.microsoft.com/en-us/library/cc719020(v=ws.10).aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">HiveQL </span></strong>- HiveQL is the language used to query a Hive object running on Hadoop. You can see a tutorial on that process here: <a href="http://social.technet.microsoft.com/wiki/contents/articles/6628.aspx">http://social.technet.microsoft.com/wiki/contents/articles/6628.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Piglatin </span></strong>- Piglatin is the submission language for the Pig implementation on Hadoop. An example of that process is here: <a href="http://sqlblog.com/b/avkashchauhan/archive/2012/01/10/running-apache-pig-pig-latin-at-apache-hadoop-on-windows-azure.aspx">http://blogs.msdn.com/b/avkashchauhan/archive/2012/01/10/running-apache-pig-pig-latin-at-apache-hadoop-on-windows-azure.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Application Programming Interfaces </span></strong>- Almost all of the analysis offerings have associated API&rsquo;s - of special note is Microsoft Research&rsquo;s Infer.NET, a new framework for running Bayesian inference in graphical models, as well as probabilistic programming. You can read more about Infer.NET here: <a href="http://research.microsoft.com/en-us/um/cambridge/projects/infernet/">http://research.microsoft.com/en-us/um/cambridge/projects/infernet/</a>&nbsp;</p>
<h3>Presentation</h3>
<p>Lots of tools work in presenting the data once you have done the primary analysis. In fact, there&rsquo;s a great video of a comparison of various tools, primarily focused on Business Intelligence, here: <a href="http://msbiacademy.com/Lesson.aspx?id=73">http://msbiacademy.com/Lesson.aspx?id=73</a> That term itself is now not as completely defined, but the tools I&rsquo;ll show below can be used in multiple ways - not just traditional Business Intelligence scenarios. Application Programming Interfaces (API&rsquo;s) can also be used for presentation; but I&rsquo;ll focus here on &ldquo;out of the box&rdquo; tools.</p>
<p><strong><span style="color:#800000;">Excel</span></strong> - Microsoft&rsquo;s Excel can be used not only for single-desk analysis of data sets, but with larger datasets as well. It has interfaces into SQL Server, Analysis Services, can be connected to the PDW, and is a first-class job submission system for the Windows HPC Server. You can watch a video about Excel and big data here: <a href="http://www.microsoft.com/en-us/showcase/details.aspx?uuid=e20b7482-11c9-4965-b8f0-7fb6ac7a769f">http://www.microsoft.com/en-us/showcase/details.aspx?uuid=e20b7482-11c9-4965-b8f0-7fb6ac7a769f</a>&nbsp;and you can also connect Excel to Hadoop: <a href="http://social.technet.microsoft.com/wiki/contents/articles/how-to-connect-excel-to-hadoop-on-azure-via-hiveodbc.aspx">http://social.technet.microsoft.com/wiki/contents/articles/how-to-connect-excel-to-hadoop-on-azure-via-hiveodbc.aspx</a></p>
<p><strong><span style="color:#800000;">Reporting Services</span></strong> - Reporting Services is a SQL Server tool that can query and show data from multiple sources, all at once. It can also be used with Analysis Services. You can read more about Reporting Services here: <a href="http://www.microsoft.com/sqlserver/en/us/solutions-technologies/business-intelligence/reporting-services.aspx">http://www.microsoft.com/sqlserver/en/us/solutions-technologies/business-intelligence/reporting-services.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">Power View</span></strong> - Power View is a &ldquo;Self-Service&rdquo; Business Intelligence reporting tool, which can work with on-premises data in addition to SQL Azure and other data. You can read more about it and see videos of Power View in action here: <a href="http://www.microsoft.com/sqlserver/en/us/future-editions/business-intelligence/SQL-Server-2012-reporting-services.aspx">http://www.microsoft.com/sqlserver/en/us/future-editions/business-intelligence/SQL-Server-2012-reporting-services.aspx</a>&nbsp;</p>
<p><strong><span style="color:#800000;">SharePoint Services -</span></strong> Microsoft has rolled several capable tools into SharePoint as &ldquo;Services&rdquo;. This has the advantage of being able to integrate into the working environment of many companies. You can read more about lots of these reporting and analytic presentation tools here: <a href="http://technet.microsoft.com/en-us/sharepoint/ee692578">http://technet.microsoft.com/en-us/sharepoint/ee692578</a>&nbsp;</p>
<p>This is by no means an exhaustive list - more capabilities are added all the time to Microsoft&rsquo;s products, and things will surely shift and merge as time goes on. Expect today&rsquo;s &ldquo;Big Data&rdquo; to be tomorrow&rsquo;s &ldquo;Laptop Environment&rdquo;.</p>
<p>Tags: Azure, Business Intelligence, Cloud, Cloud Computing, Concepts, Data, Data Professional, Design, Developer, Microsoft, SQL Azure, Storage, Windows 2008, Windows Azure</p>
<p><strong>The Data Scientist</strong> - <a href="http://sqlblog.com/blogs/buck_woody/archive/2011/11/15/the-data-scientist.aspx">http://sqlblog.com/blogs/buck_woody/archive/2011/11/15/the-data-scientist.aspx</a> - Tue, 15 Nov 2011 15:00:18 GMT</p>
<p>A new term - well, perhaps not that new - has come up and I’m actually very excited about it. The term is Data Scientist, and since it’s new, it’s fairly undefined. I’ll explain what I <em>think</em> it means, and why I’m excited about it.</p> <p>In general, I’ve found the term deals at its most basic with analyzing data. Of course, we all do that, and the term itself in that definition is redundant. There is no science that I know of that does not work with analyzing lots of data. But the term seems to refer to more than the common practices of looking at data visually, putting it in a spreadsheet or report, or even using simple coding to examine data sets. </p> <p>The term Data Scientist (as far as I can make out this early in its use) refers to someone who has a strong understanding of data sources, relevance (statistical and otherwise) and processing methods as well as front-end displays of large sets of complicated data. Some - but not all - Business Intelligence professionals have these skills. In other cases, senior developers, database architects or others fill these needs, but in my experience, many lack the strong mathematical skills needed to make these choices properly.
</p> <p>I’ve divided the knowledge base for someone that would wear this title into three large segments. It remains to be seen if a given Data Scientist would be responsible for knowing all these areas or would specialize. There are pretty high requirements on the math side, specifically in graduate-degree level statistics, but in my experience a company will only have a few of these folks, so they are expected to know quite a bit in each of these areas. </p> <p><strong>Persistence</strong></p> <p>The first area is finding, cleaning and storing the data. In some cases, no cleaning is done prior to storage - it’s just identified and the cleansing is done in a later step. This area is where the professional would be able to tell if a particular data set should be stored in a Relational Database Management System (RDBMS), across a set of key/value pair storage (NoSQL) or in a file system like HDFS (part of the Hadoop landscape) or other methods. Or do you examine the stream of data without storing it in another system at all? </p> <p>This is an important decision - it’s a foundation choice that deals not only with a lot of expense of purchasing systems or even using Cloud Computing (PaaS, SaaS or IaaS) to source it, but also the skillsets and other resources needed to care and feed the system for a long time. The Data Scientist sets something into motion that will probably outlast his or her career at a company or organization.</p> <p>Often these choices are made by senior developers, database administrators or architects in a company. But sometimes each of these has a certain bias towards making a decision one way or another. The Data Scientist would examine these choices in light of the data itself, starting perhaps even before the business requirements are created. The business may not even be aware of all the strategic and tactical data sources that they have access to. 
</p> <p><strong>Processing</strong></p> <p>Once the decision is made to store the data, the next set of decisions is based around how to process the data. An RDBMS scales well to a certain level, and provides a high degree of ACID compliance as well as offering a well-known set-based language to work with this data. In other cases, scale should be spread among multiple nodes (as in the case of Hadoop landscapes or NoSQL offerings) or even across a Cloud provider like Windows Azure Table Storage. In fact, in many cases - most of the ones I’m dealing with lately - the data should be split among multiple types of processing environments. This is a newer idea. Many data professionals simply pick a methodology (RDBMS with Star Schemas, NoSQL, etc.) and put all data there, regardless of its shape, processing needs and so on. </p> <p>A Data Scientist is familiar not only with the various processing methods, but how they work, so that they can choose the right one for a given need. This is a huge time commitment, hence the need for a dedicated title like this one. </p> <p><strong>Presentation</strong></p> <p>This is where the need for a Data Scientist is most often already being filled, sometimes with more or less success. The latest Business Intelligence systems are quite good at allowing you to create amazing graphics - but it’s the data behind the graphics that is the most important component of truly effective displays. </p> <p>This is where the mathematics requirement of the Data Scientist title is the most unforgiving. In fact, someone without a good foundation in statistics is not a good candidate for creating reports. Even a basic level of statistics can be dangerous. Anyone who works in analyzing data will tell you that there are multiple errors possible when data just seems right - and basic statistics bears out that you’re on the right track - that are only solvable when you understand why the statistical formula works the way it does.
</p> <p>And there are lots of ways of presenting data. Sometimes all you need is a “yes” or “no” answer that can only come after heavy analysis work. In that case, a simple e-mail might be all the reporting you need. In others, complex relationships and multiple components require a deep understanding of the various graphical methods of presenting data. Knowing which kind of chart, color, graphic or shape conveys a particular datum best is essential knowledge for the Data Scientist. </p> <p><strong>Why I’m excited</strong></p> <p>I love this area of study. I like math, stats, and computing technologies, but it goes beyond that. I love what data can do - how it can help an organization. I’ve been fortunate enough in my professional career these past two decades to work with lots of folks who perform this role at companies from aerospace to medical firms, from manufacturing to retail. </p> <p>Interestingly, the size of the company really isn’t germane here. I worked with one very small bio-tech (cryogenics) company that worked deeply with analysis of complex interrelated data. </p> <p>So&#160; watch this space. No, I’m not leaving Azure or distributed computing or Microsoft. In fact, I think I’m perfectly situated to investigate this role further. We have a huge set of tools, from RDBMS to Hadoop to allow me to explore. And I’m happy to share what I learn along the way. 
</p>
<p>Tags: Azure, Business Intelligence, Career, Concepts, Data, Data Professional, DBA, Developer, SQL Azure, SQL Server, Windows Azure</p>
<p><strong>Big Data and the Cloud - More Hype or a Real Workload?</strong> - <a href="http://sqlblog.com/blogs/buck_woody/archive/2011/10/18/big-data-and-the-cloud-more-hype-or-a-real-workload.aspx">http://sqlblog.com/blogs/buck_woody/archive/2011/10/18/big-data-and-the-cloud-more-hype-or-a-real-workload.aspx</a> - Tue, 18 Oct 2011 13:57:36 GMT</p>
<p>Last week Microsoft announced several new offerings for “Big Data” - and since I’m a stickler for definitions, I wanted to make sure I understood what that really means. What is “Big Data”? What size hard drive is that? After all, my laptop has 1TB of storage - is my laptop “Big Data”?</p> <p>There are actually a few definitions for this term, most notably those involving the <a href="http://nosql.mypopescu.com/post/9621746531/a-definition-of-big-data" target="_blank">“Four V’s” Volume, Velocity, Variety and Variability</a>. Others <a href="http://nosql.mypopescu.com/post/10120087314/big-data-and-the-4-vs-volume-velocity-variety" target="_blank">disagree with this</a> definition. I tend to try and get things into their simplest form, so I’m using this definition for myself:</p> <p align="center"><font color="#c0504d" size="3">Big data is defined as a <em>large set </em>of <em>computationally expensive </em>data that is <em>worked on simultaneously</em>.</font> </p> <p>Let me flesh that out a little. To be sure, “Big Data” has a larger size than say a few megabytes. The reason this is important is that it takes special hardware to be able to move large sets of data around, store it, process it and so on. (<font color="#c0504d">large set</font>)</p> <p>If you store a LOT of data, but only use a small portion of it at a time, that really isn’t super-hard to do. It’s mainly a storage issue at that point.
But if you do need to work with a large portion of the data at one time, then the memory, CPU and transfer components of the system have to adapt to be responsive - new ways to work with that data (game theory, knot-algorithms, map-reduce, etc.) need to be brought into play. (<font color="#c0504d">computationally expensive</font>)</p> <p>Once that data is loaded into the processing area (memory or whatever other mechanism is used) it must be worked on in parallel to come back in a reasonable time. You have two options here - you can scale the system up with more internal hardware (CPUs, memory and so on) or you can scale it out to have multiple systems work on it at the same time using paradigms such as map/reduce and so on. When you lay this out in an architecture diagram, scaling up or out doesn’t actually change the logical structure of the process - in scale out the network becomes the bus, and the nodes become more RAM and computing power. Of course, there are changes in code for how you stitch the workload back together. (<font color="#c0504d">worked on simultaneously</font>)</p> <p>So back to the original question. Is Big Data, as I have defined it here, a workload for Windows and SQL Azure? Absolutely! In fact, it’s probably one of the main workloads, and I believe it represents the latest, and perhaps also the earliest frontier of computing. <a href="http://research.microsoft.com/en-us/um/people/gray/" target="_blank">Jim Gray</a>, a former researcher here at Microsoft and a hero of mine, was working on this very topic. I believe as he did - all computing is simply an interface over data. </p> <p>Microsoft has multiple offerings on the topic of Big Data. In the posts that follow from me and my co-workers, we’ll explore when and where you use each one. 
Whether you are a data professional or a developer, this is the new frontier - <a href="http://www.straightpathsql.com/archives/2011/10/microsoft-loves-your-big-data/" target="_blank">don’t wait to educate yourself</a> on how to leverage Big Data for your organization. </p> <p><strong>Hadoop on Windows Azure and SQL Server&#160; </strong>- Microsoft’s <a href="http://www.hortonworks.com/the-whys-behind-the-microsoft-and-hortonworks-partnership/" target="_blank">partnership to include Hadoop workloads on Windows Azure</a> and <a href="http://www.microsoft.com/download/en/details.aspx?id=27584" target="_blank">SQL Server/Parallel Data Warehouse (PDW)</a></p> <p><strong>LINQ to HPC </strong>- Microsoft’s High-Performance Computing SKU of <a href="http://blogs.technet.com/b/windowshpc/archive/2011/05/20/dryad-becomes-linq-to-hpc.aspx" target="_blank">HPC is now in Azure</a></p> <p><strong>Windows Azure Table Storage </strong>- A <a href="http://msdn.microsoft.com/en-us/library/windowsazure/hh508997.aspx" target="_blank">key/value pair type storage with full partitioning</a> that is immediately consistent, able to handle huge loads of data and works with any REST-compatible language</p> <p>&#160;<strong>Other offerings </strong>- Including the new <a href="http://www.microsoft.com/en-us/sqlazurelabs/default.aspx" target="_blank">Data Explorer</a>, <a href="http://research.microsoft.com/en-us/news/headlines/daytona-071811.aspx" target="_blank">Project Daytona (with a Big Data Toolkit for Scientists and researchers)</a>, <a href="http://www.microsoft.com/sqlserver/en/us/future-editions/SQL-Server-2012-breakthrough-insight.aspx" target="_blank">Power View</a> and more. </p> <p>The era of Big Data is here. And you can use Windows and SQL Azure to bring it to your organization. 
</p> <p><strong>Windows Azure Security Review</strong></p> <p>http://sqlblog.com/blogs/buck_woody/archive/2011/08/02/windows-azure-security-review.aspx<br />Tue, 02 Aug 2011 13:24:50 GMT, BuckWoody</p> <p><em><font color="#d19049">Current as of 08/01/2011 - Check the Resources listed below for more up-to-date information on this topic</font></em></p> <p><strong>Background:</strong></p> <p>Security for any computing platform involves three primary areas:</p> <ol> <li><font color="#ff0000">Principals</font> (users or programmatic access to an asset or other program) </li> <li><font color="#ff0000">Securables</font> (objects, data or programs that can be accessed) </li> <li><font color="#ff0000">Channels</font> (methods of access by Principals to Securables) </li> </ol> <p>On-premise systems normally use a central system to control security. In a Windows operating system-based environment, this is <a href="http://technet.microsoft.com/en-us/library/cc758436(WS.10).aspx" target="_blank">often accomplished with Active Directory</a> or other systems that provide sign-on and user identity information. While other networking security paradigms have different terminology, all involve the three areas defined above. </p> <p>In addition to the names and passwords for a user, Active Directory (like other security mechanisms) stores other information about Principals - called <em><a href="http://claimsid.codeplex.com/" target="_blank">Claims</a></em>. These claims can include any custom fields the provider allows. 
In many networks, these fields are not used heavily, because applications that eventually need to secure the assets they control are not always deployed on the same platforms everywhere. </p> <p>In a single environment, security is often quite simple. A Principal, such as a user or group, is created, and then the Principal is granted access to a Securable such as a folder, database or other asset. Permissions or Rights (or both) combine to allow a particular Principal to read, write, delete or edit data, or to access or run a particular program.</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/3324.Figure1_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure1" border="0" alt="Figure1" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/5140.Figure1_5F00_thumb.png" width="549" height="398" /></a></p> <p><em><font color="#008000">Figure 1 - On-premise security environment example</font></em></p> <p>The simplicity of this arrangement is due to a single, homogeneous boundary. Even if more than one location is used, the Principals and Securables are grouped into a single logical boundary that is managed from one location. </p> <p>This background serves as the starting point for the Federating Security topic below.</p> <p><strong>Windows Azure Security Boundaries</strong></p> <p>Windows Azure is a series of resources - servers, data and service buses, in addition to other features. Developers write code, and then deploy that to the Azure environment. 
</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/1665.Figure2a_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure2a" border="0" alt="Figure2a" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/3480.Figure2a_5F00_thumb.png" width="702" height="471" /></a></p> <p><em><font color="#008000">Figure 2 - Azure Components</font></em></p> <p>The code or data can be deployed to use one or more of the services. In other words, the <a href="http://www.31a2ba2a-b718-11dc-8314-0800200c9a66.com/2010/12/how-to-combine-worker-and-web-role-in.html" target="_blank">Web Role in Windows Azure might host a simple website</a>, and no other component need be used. </p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/4073.Figure2_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure2" border="0" alt="Figure2" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/1258.Figure2_5F00_thumb.png" width="737" height="252" /></a></p> <p><em><font color="#008000">Figure 3 - Simple Azure Web Role Application - only one feature used</font></em></p> <p>Or, <a href="http://blogs.msdn.com/b/buckwoody/archive/2011/02/22/windows-azure-use-case-hybrid-applications.aspx" target="_blank">a complex mix of Web, Worker and Data Services, along with a Service Bus, RDBS and even on-site systems</a> can be grouped into a much larger program. 
</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/6136.Figure4_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure4" border="0" alt="Figure4" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/4863.Figure4_5F00_thumb.png" width="735" height="456" /></a></p> <p><em><font color="#008000">Figure 4 - Complex Windows and SQL Azure Application With Multiple Interactions</font></em></p> <p>For a more basic introduction to Windows and SQL Azure, see this link: <a href="http://channel9.msdn.com/Events/TechEd/Europe/2010/COS322">http://channel9.msdn.com/Events/TechEd/Europe/2010/COS322</a>&#160;</p> <p>Windows Azure, like any web-based property, has three general layers of security:</p> <ol> <li><font color="#ff0000">Physical Access</font> </li> <li><font color="#ff0000">Operating Environment (Including the Operating System itself)</font> </li> <li><font color="#ff0000">Data and Programmatic Security</font> </li> </ol> <p>Each of these layers has additional layers within itself, and this forms the basis of a secure experience for the end user or program. Some of these layers are the responsibility of Microsoft; others are the responsibility of the architect and developer; others are a joint or shared responsibility of both Microsoft and the client.</p> <p><em><font color="#0000ff">Layer One: Physical Access</font></em></p> <p>The first layer of security within a web property such as Windows or SQL Azure is a secure facility. 
The following data points are important to understand for the worldwide facilities that host Windows and SQL Azure:</p> <ul> <li>Microsoft Global Foundation Services (GFS) is responsible for the physical security of the datacenters located worldwide for Windows and SQL Azure. Information on Microsoft datacenters can be found here: <a href="http://www.globalfoundationservices.com/">http://www.globalfoundationservices.com/</a> </li> <li>The addresses and exact locations of the facilities are not commonly documented for security reasons. </li> <li>Microsoft runs its own data centers and does not contract this function out. </li> <li>The GFS-controlled facilities hold an ISO/IEC 27001:2005 certification, and are audited to SAS level II. </li> <li>Standard secure operations protocols are in place, including least-privilege access. </li> </ul> <p><em><font color="#0000ff">Layer Two: Operating Environment</font></em></p> <p>Windows Azure and SQL Azure do not currently hold certifications. Microsoft does not comment on the security certifications being pursued for Windows or SQL Azure. That being said, the Windows Azure environment is based on a modified Windows 2008 R2 Enterprise environment, developed using the Trustworthy Computing Initiative (TCI). </p> <p>The system controlling the host machines and their guest environments that ultimately hold the Web and Worker Roles within Windows Azure is called the Fabric - not to be confused with the Application Fabric feature. The Fabric is not accessible by client code - it controls the inner workings of Windows Azure, including load-balancing, system restarts, maintenance and monitoring. </p> <p>Within the host machines that house the Web and Worker Roles, special networking constructs broker all conversations between Virtual Machines. All Virtual Machine traffic - even between machines configured to communicate with each other - moves through this network. 
Direct machine-to-machine communication is not allowed, protecting one application from another or one data construct from another.</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/8015.Figure5_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure5" border="0" alt="Figure5" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/8182.Figure5_5F00_thumb.png" width="720" height="351" /></a></p> <p><em><font color="#008000">Figure 5 - Windows Azure Fabric</font></em></p> <p>Windows and SQL Azure support only TCP-based communications. Ports commonly used are: </p> <ul> <li>80 - Default public port used for Web Roles - can be enabled/disabled per configuration </li> <li>443 - Default secure port used for Web roles - <a href="http://msdn.microsoft.com/en-us/gg271302" target="_blank">can be enabled/disabled per configuration</a> </li> <li>9350-9353 - These ports are used by the Windows Azure AppFabric service bus bindings. Refer to <a href="http://msdn.microsoft.com/en-us/library/ee732535.aspx">http://msdn.microsoft.com/en-us/library/ee732535.aspx</a> for more details </li> <li>1433 - SQL Azure </li> <li>3389 - This port is used for RDP access to VM-based roles, only if enabled </li> </ul> <p><em><font color="#0000ff">Layer Three: Data and Programmatic Security</font></em></p> <p>All internal access is through the use of keys only. Without the proper key, code or data will not transfer. Storage Accounts have individual keys, so in this manner different security layers may be applied not only programmatically but at the account layer. 
</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/6840.Figure6_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure6" border="0" alt="Figure6" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/4370.Figure6_5F00_thumb.png" width="703" height="290" /></a></p> <p><em><font color="#008000">Figure 6 - Windows Azure communications between components</font></em></p> <p>Calls to Windows Azure are made using standard SOAP, XML or REST-based protocols. The communications channel between the client and Windows Azure can be encrypted or left unencrypted, based on security needs. </p> <p>SQL Azure uses the standard SQL Server Tabular Data Stream (TDS) protocol, but only allows encrypted communications.</p> <p>Data is unencrypted within Windows Azure Blob or Table Storage - but is only accessible via the key for a storage account. <a href="http://blogs.msdn.com/b/plankytronixx/archive/2010/10/23/crypto-primer-understanding-encryption-public-private-key-signatures-and-certificates.aspx" target="_blank">Data can be encrypted client-side and stored in Windows Azure in an encrypted fashion</a>. 
Microsoft does not inspect internal data for validity or encryption enforcement.&#160; The key is that the data is client-side encrypted and decrypted.</p> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/8203.Figure7_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure7" border="0" alt="Figure7" src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/4466.Figure7_5F00_thumb.png" width="702" height="307" /></a></p> <p><em><font color="#008000">Figure 7 - Example data at rest encryption scenario </font></em></p> <p>Alternatively, a hybrid solution can store sensitive data locally and non-sensitive data in Azure Storage. The data can be coalesced at the client level such that the data is never transferred over any channel not owned or controlled by the organization.</p> <p><strong>Federating Security:</strong></p> <p>In the case of a single security boundary for Windows Azure, multiple security options are available. Users can be anonymously authorized, such as in the case of a public website for advertisement or informational purposes. </p> <p>Another option is to create an Internet Information Services (IIS) Internal Security Store. This is not a best-practice (although still possible) approach since the Fabric services within Windows Azure may recycle an instance and the session may sever between a given role and a client. Architecting stateless applications is a preferred approach.</p> <p>Using Claims-Based Authentication is a better solution. In this approach, the Principal is authenticated through a trusted party, such as Active Directory, OpenID, OpenAuthentication, or LiveID. 
Many web properties, such as Microsoft, Google, Yahoo and Facebook to name a few, use these methods. After authenticating with one of these services, the client is issued Claims using WS-Federation (WS-Fed) or Security Assertion Markup Language (SAML), and those Claims are passed to Windows Azure. At no time does Windows Azure store, transfer or interrogate the Principal’s security token. Claims can be anything from a group or role membership to location or any other settable attribute. Assets are then secured allowing only the Claim, without regard to the user’s location or access method. In this fashion a single security paradigm covers the Securables, with the Principals being controlled in any number of other mechanisms. This allows single-sign-on and/or federated security access from multiple providers. </p> <p>The simplest mechanism for building this environment is the Access Control Services (ACS) feature found in the Windows Azure Application Fabric component. It is a federated authorization management service that simplifies user access authorization across organizations and ID providers and performs claims transformation to map identities with access levels.</p> <p>ACS can:</p> <ul> <li>Create and manage scopes such as URLs </li> <li>Create and manage claim types </li> <li>Create and manage signing and encryption keys </li> <li>Create and manage rules within an application scope </li> <li>Chain claims rules </li> <li>Manage permissions on scopes or perform delegation </li> </ul> <p><a href="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/2728.Figure8_5F00_2.png"><img style="background-image:none;border-right-width:0px;padding-left:0px;padding-right:0px;display:inline;border-top-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;" title="Figure8" border="0" alt="Figure8" 
src="http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-79-metablogapi/5852.Figure8_5F00_thumb.png" width="693" height="410" /></a></p> <p><em><font color="#008000">Figure 8 - Federated Security Example </font></em></p> <p>Full information on the Access Control Service is available at this link: <a href="http://social.technet.microsoft.com/wiki/contents/articles/windows-identity-foundation-wif-and-azure-appfabric-access-control-service-acs-survival-guide.aspx?wa=wsignin1.0"><u><font color="#0066cc">http://social.technet.microsoft.com/wiki/contents/articles/windows-identity-foundation-wif-and-azure-appfabric-access-control-service-acs-survival-guide.aspx?wa=wsignin1.0</font></u></a></p> <p>Since the Web and Worker Roles within Windows Azure are designed to be stateless, Microsoft created a Certification Store within the Management area to hold Certificates that can be called from within code. An example of using the Certification Store is here: <a href="http://blogs.msdn.com/b/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx">http://blogs.msdn.com/b/jnak/archive/2010/01/29/installing-certificates-in-windows-azure-vms.aspx</a>&#160;</p> <p><strong>Additional Resources:</strong></p> <p><span style="color:#1f497d;font-size:10pt;"><font face="Calibri">Official, authoritative security resource list: <a href="http://msdn.microsoft.com/en-us/library/ff934690.aspx">http://msdn.microsoft.com/en-us/library/ff934690.aspx</a> <br /></font><span style="color:#1f497d;font-size:10pt;"><font face="Calibri">Technical</font> Overview of the Security Features in the Windows Azure Platform: </span><a href="http://www.microsoft.com/online/legal/?langid=en-us&amp;docid=11"><u><font color="#0000ff" face="Calibri">http://www.microsoft.com/online/legal/?langid=en-us&amp;docid=11</font></u></a><font 
face="Calibri">. <br /></font></span><span style="color:#1f497d;font-size:10pt;"><font face="Calibri">Windows Azure Security Overview: </font><a href="http://www.globalfoundationservices.com/security/documents/WindowsAzureSecurityOverview1_0Aug2010.pdf"><u><font color="#0000ff" face="Calibri">http://www.globalfoundationservices.com/security/documents/WindowsAzureSecurityOverview1_0Aug2010.pdf</font></u></a> <br /></span><span style="color:#1f497d;font-size:10pt;"><font face="Calibri">Windows Azure Privacy: </font><a href="http://www.microsoft.com/online/legal/?langid=en-us&amp;docid=11"><u><font color="#0000ff" face="Calibri">http://www.microsoft.com/online/legal/?langid=en-us&amp;docid=11</font></u></a> <br /></span><span style="color:#1f497d;font-size:10pt;"><font face="Calibri">Securing Microsoft Cloud Infrastructure: </font><a href="http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf"><u><font color="#0000ff" face="Calibri">http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf</font></u></a><font face="Calibri">. 
<br /></font></span>A list of other security resources is here: <a href="http://blogs.msdn.com/b/buckwoody/archive/2010/12/07/windows-azure-learning-plan-security.aspx">http://blogs.msdn.com/b/buckwoody/archive/2010/12/07/windows-azure-learning-plan-security.aspx</a>&#160;</p> <p><font color="#0000ff" size="1"><em>Image Attribution: David Pallmann: </em></font><a href="http://davidpallmann.blogspot.com/2011/07/windows-azure-design-patterns-part-1.html"><font color="#0000ff" size="1"><em>http://davidpallmann.blogspot.com/2011/07/windows-azure-design-patterns-part-1.html</em></font></a></p> <p><strong>SQL Azure Use Case: Shared Storage Application</strong></p> <p>http://sqlblog.com/blogs/buck_woody/archive/2011/04/26/sql-azure-use-case-shared-storage-application.aspx<br />Tue, 26 Apr 2011 13:33:50 GMT, BuckWoody</p> <p><span style="font-size:x-small;"><em><span style="font-size:small;">This is one in a series of posts on when and where to use a distributed architecture design in your organization's computing needs. You can find the main post here: </span><a href="http://blogs.msdn.com/b/buckwoody/archive/2011/01/18/windows-azure-and-sql-azure-use-cases.aspx"><span style="font-size:small;"><u><font color="#800080">http://blogs.msdn.com/b/buckwoody/archive/2011/01/18/windows-azure-and-sql-azure-use-cases.aspx</font></u></span></a><span style="font-size:small;"> </span></em></span></p> <p><strong><span style="font-size:small;">Description:</span></strong></p> <p><span style="font-size:small;">On-premise data will be a part of computing for quite some time – perhaps permanently. 
Bandwidth requirements, security, or even financial considerations for large data sets often dictate that relational (or non-relational) systems will be maintained locally in many organizations, especially in enterprise computing. </span></p> <p><span style="font-size:small;">But distributed data systems are useful in many situations. Organizations may wish to store a portion of data off-site, either for sharing the data with other applications (including web-based applications) or as a supplement to a High-Availability and Disaster Recovery (HADR) strategy.</span></p> <span style="font-size:small;"> <p><strong><span style="font-size:small;">Implementation:</span></strong></p> <p><span style="font-size:small;">SQL Azure can be used to add an additional option to an HADR strategy by copying off portions (or all) of an on-premise database system.</span></p> <p><span style="font-size:small;"><a href="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/3386.sql_2D00_aHADR_5F00_2.png"><img style="background-image:none;border-bottom:0px;border-left:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="sql-aHADR" border="0" alt="sql-aHADR" src="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/4265.sql_2D00_aHADR_5F00_thumb.png" width="298" height="181" /></a></span></p> <p><span style="font-size:small;">In this arrangement, on-premise systems remain as they are. Data is replicated to a SQL Azure database using any of several technologies, such as SQL Server Integration Services (SSIS), scripts, or Microsoft’s Sync Framework. 
This data can be kept “cold”, meaning that a manual process is required to bring the data back, or as a “warm” standby using connection string management in the application.</span></p> <p><span style="font-size:small;">Recently we architected a solution where a company kept a rolling two-week window of data replicated to SQL Azure using the <a href="http://msdn.microsoft.com/en-us/sync/default.aspx" target="_blank">Sync Framework</a>. The application, a compiled EXE running on users’ systems, had a “switch connections” button that allowed the users to take a laptop to another location, select that option, and continue working from anywhere they had Internet connectivity. This required forethought and planning, and did not replace their primary HADR systems, but it did allow them to continue operations in the case of a severe outage at multiple sites. Since they are an emergency services provider, this gave them the highest redundancy.</span></p> <p><span style="font-size:small;">Another option is to amalgamate data from disparate sources. </span></p> <p><span style="font-size:small;"><a href="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/6320.sql_2D00_aHyb_5F00_2.png"><img style="background-image:none;border-bottom:0px;border-left:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="sql-aHyb" border="0" alt="sql-aHyb" src="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/2625.sql_2D00_aHyb_5F00_thumb.png" width="342" height="134" /></a></span></p> <p><span style="font-size:small;">In this arrangement, two or more data services (one of which is SQL Azure) are accessed by a single program. 
The program queries each system independently, and using LINQ a single query can work across all of the data, assuming there is some sort of natural or artificial “key” that can join the data sets together. The user programs simply view this single data set as a single data source, unaware of the underlying data sets. This allows great flexibility and agility in the downstream program. The upstream data sources can change as long as the elements are kept consistent.</span></p> <p><span style="font-size:small;">There are performance and security implications to amalgamated data systems, but if architected carefully they provide multiple benefits. A few of these are that other systems can access the individual data sources, reporting is simplified and standardized, and multiple copies of data are eliminated.</span></p> <span style="font-size:small;"> <p><strong><span style="font-size:small;">Resources:</span></strong></p> <p><span style="font-size:small;">You can read more about the Sync Framework and SQL Azure here: <a href="http://social.technet.microsoft.com/wiki/contents/articles/sync-framework-sql-server-to-sql-azure-synchronization.aspx">http://social.technet.microsoft.com/wiki/contents/articles/sync-framework-sql-server-to-sql-azure-synchronization.aspx</a>&#160;</span></p> <p><span style="font-size:small;">If you are new to LINQ, you can find more resources on it here: <a href="http://msdn.microsoft.com/en-us/library/bb308959.aspx">http://msdn.microsoft.com/en-us/library/bb308959.aspx</a>&#160;</span></p> </span></span> <p><strong>SQL Azure Use Case: Shared Data Hub</strong></p> http://sqlblog.com/blogs/buck_woody/archive/2011/04/05/sql-azure-use-case-shared-data-hub.aspx Tue, 05 Apr 2011 14:10:50 
GMT, BuckWoody <p><span style="font-size:x-small;"><em><span style="font-size:small;">This is one in a series of posts on when and where to use a distributed architecture design in your organization's computing needs. You can find the main post here: </span><a href="http://blogs.msdn.com/b/buckwoody/archive/2011/01/18/windows-azure-and-sql-azure-use-cases.aspx"><span style="font-size:small;"><u><font color="#800080">http://blogs.msdn.com/b/buckwoody/archive/2011/01/18/windows-azure-and-sql-azure-use-cases.aspx</font></u></span></a><span style="font-size:small;"> </span></em></span></p> <p><strong><span style="font-size:small;">Description:</span></strong></p> <p><font size="2">Organizations often need to share all or part of a data set, which is consumed by other systems. These systems can be on-premise or at another location, or even at a different organization. </font></p> <p><font size="2">Many times these systems use a well-defined data interchange system, such as EDI or other standards. In the case of a trusted system, simply using a direct connection into another database is the process used to transfer data. This process might be one-way or bi-directional.</font></p> <p><font size="2">But there are systems that transfer data back and forth in stages using intermediate systems. 
A typical data flow in this case looks similar to the following:</font></p> <p><font size="2"><a href="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/7823.SADH_2D00_1_5F00_2.png"><img style="background-image:none;border-bottom:0px;border-left:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="SADH-1" border="0" alt="SADH-1" src="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/7206.SADH_2D00_1_5F00_thumb.png" width="550" height="227" /></a></font></p> <p><font size="2">In this example, the owning system contains data set A. This is sent to a staging system or server, where the receiving system collects it. The receiving system contains data set B and works with data set A to create a new data set, C. This new data is consumed by the original system to complete the cycle. A concrete example is an inventory control system. Data set A is the original inventory list, shipped to a manufacturer. The manufacturer consumes the inventory available, orders and components, and returns the ordering bid with any changes to the staging server as data set C. 
The data is consumed by the originating system and components are noted in the overall flow of data set A.</font></p> <blockquote> <p><font size="2"><em>Note: Normally this is solved with a full EDI implementation, but this process is still a common practice.</em></font></p> </blockquote> <p><font size="2">There are other examples, but the general concept is one where the need is for two, possibly untrusted systems to share a common source of data.</font></p> <p><strong><span style="font-size:small;">Implementation:</span></strong> </p> <p><font size="2">One possible solution is to segregate the data that is being transferred into an agreed-upon set of entities that can be added or edited in real time, where both systems (or many) feed from the same data set instead of shipping the data. This removes latency, improves data quality, and shares the cost of the data. Also, security is increased because there are no shared logins - each firm gets its own.</font></p> <p><font size="2"><a href="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/6232.SADH_2D00_2_5F00_2.png"><img style="background-image:none;border-bottom:0px;border-left:0px;padding-left:0px;padding-right:0px;display:inline;border-top:0px;border-right:0px;padding-top:0px;" title="SADH-2" border="0" alt="SADH-2" src="http://blogs.msdn.com/cfs-file.ashx/__key/CommunityServer-Blogs-Components-WeblogFiles/00-00-00-79-79-metablogapi/0044.SADH_2D00_2_5F00_thumb.png" width="412" height="283" /></a></font></p> <p><font size="2">One consideration with this layout is that the source systems must be altered to use a shared data set. If this is not possible, the arrangement can still be used as it was before - as a data transfer - but the data can be cleansed in real time by both systems.
It’s also a more secure and shared-cost system even if used in the original manner.</font></p> <p><font size="2"><strong><span style="font-size:small;">Resources:</span></strong></font></p> <p><font size="2">Security is a concern in this arrangement, so it’s best to understand exactly how the security works in SQL Azure: <a href="http://msdn.microsoft.com/en-us/library/ff394108.aspx">http://msdn.microsoft.com/en-us/library/ff394108.aspx</a></font></p> <p>Another way to solve this pattern is to use Data Sync, in one of the many different arrangements that involve SQL Azure. You can learn more about it here: <a href="http://blogs.msdn.com/b/sync/archive/2010/10/07/windows-azure-sync-service-demo-available-for-download.aspx">http://blogs.msdn.com/b/sync/archive/2010/10/07/windows-azure-sync-service-demo-available-for-download.aspx</a></p>
<p>Tags: Azure, Azure Use Cases, Cloud, Cloud Computing, Concepts, Data, Data Professional, SQL Azure</p>
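<p>The "no shared logins - each firm gets its own" point from the Implementation section, sketched as T-SQL for the inventory example. This is an added illustration, not code from the original post: the <code>hub</code> schema, the table, login, user and role names are all hypothetical, and the passwords are placeholders.</p>

```sql
-- Added illustration; every object, login and role name here is hypothetical.
-- GO is the batch separator used by sqlcmd and SSMS.
-- Batch 1: run while connected to the master database of the SQL Azure server.
CREATE LOGIN owning_firm_login  WITH PASSWORD = '<placeholder-password-1>';
CREATE LOGIN manufacturer_login WITH PASSWORD = '<placeholder-password-2>';
GO
-- Remaining batches: run while connected to the shared hub database.
CREATE USER owning_firm  FOR LOGIN owning_firm_login;
CREATE USER manufacturer FOR LOGIN manufacturer_login;
GO
CREATE SCHEMA hub;   -- CREATE SCHEMA must be the only statement in its batch
GO
-- Data set A: the inventory list published by the owning system.
CREATE TABLE hub.InventoryItem (
    ItemId            INT          NOT NULL PRIMARY KEY,
    Sku               NVARCHAR(40) NOT NULL,
    QuantityAvailable INT          NOT NULL
);
-- Data set C: the ordering bid returned by the manufacturer.
CREATE TABLE hub.OrderBid (
    BidId             INT IDENTITY NOT NULL PRIMARY KEY,
    ItemId            INT          NOT NULL REFERENCES hub.InventoryItem (ItemId),
    QuantityRequested INT          NOT NULL,
    SubmittedBy       SYSNAME      NOT NULL DEFAULT USER_NAME()  -- defaults to the writing user
);
GO
-- One role per party: each may write only its own data set and read the other.
CREATE ROLE inventory_publisher;
CREATE ROLE bid_submitter;
GRANT SELECT, INSERT, UPDATE ON hub.InventoryItem TO inventory_publisher;
GRANT SELECT                 ON hub.OrderBid      TO inventory_publisher;
GRANT SELECT                 ON hub.InventoryItem TO bid_submitter;
GRANT SELECT, INSERT, UPDATE ON hub.OrderBid      TO bid_submitter;
ALTER ROLE inventory_publisher ADD MEMBER owning_firm;
ALTER ROLE bid_submitter       ADD MEMBER manufacturer;
GO
-- Review: list every object-level grant in the hub schema, per principal.
SELECT pr.name AS principal, pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                               -- object- and column-level grants
  AND OBJECT_SCHEMA_NAME(pe.major_id) = 'hub'
ORDER BY pr.name, object_name, pe.permission_name;
```

<p>With separate logins, revoking one firm's access is a single <code>DROP USER</code> and <code>DROP LOGIN</code> that leaves the other firm untouched, and the final query gives each side a reviewable list of what the other can read and write.</p>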